Security

Process Implanting: A New Active Introspection Framework for Virtualization

Download Now Free registration required

Executive Summary

Previous research on virtual machine introspection proposed "Out-of-box" approach by moving out security tools from the guest operating system. However, compared to the traditional "In-the-box" approach, it remains a challenge to obtain a complete semantic view due to the semantic gap between the guest VM and the hypervisor. In this paper, the authors present Process Implanting, a new active VM introspection framework, to narrow the semantic gap by implanting a process from the host into the guest VM and executing it under the cover of an existing running process. With the protection and coordination from the hypervisor, the implanted process can run with a degree of steal-thiness and exit gracefully without leaving negative impact on the guest operating system.

  • Format: PDF
  • Size: 771.64 KB